System and method of protecting privacy

ABSTRACT

A service used by Subscribers who desire to protect the confidentiality of their personal and financial information. The service transmits to Companyies holding Subscriber personal information the Subscriber&#39;s instructions to maintain the confidentiality of this information, and assists the Subscriber in obtaining the Companies&#39; acknowledgement to honor these instructions.

FIELD OF THE INVENTION

[0001] The present invention relates generally to a method and apparatusto assist users (“Subscribers”) in protecting the confidentiality ofpersonal information, including such data as identification, medical,and financial information. The invention provides Subscribers with anInternet-based service that allows the Subscriber to instruct companies,organizations, and other institutions (“Companies”) to preserve theconfidentiality of information about the Subscriber.

BACKGROUND OF THE INVENTION

[0002] Maintaining the confidentiality of information regarding oneselfhas become increasingly difficult. However, many people wish to maintaintheir privacy and accordingly wish to maintain the confidentiality ofinformation about themselves that others acquire and save. The problemof maintaining confidentiality of personal and financial information hasincreased with the rise of the use of computers and the Internet.Computers allow vast compilations of personal data to be archived yeteasily accessed and searched when information on a particular person isdesired. The Internet has provided the means for this information to bewidely and quickly disseminated. The Internet has also provided furthermeans to gather personal information as people use the various servicesprovided over the Internet. It has therefore become increasinglyimportant for individuals to take actions to protect the confidentialityof information about themselves that others have gathered.

[0003] One important action to take is to ensure that informationprovided to Companies with which one interacts is maintained inconfidence. Fortunately, there are some legal barriers to disseminationof such information. Companies may also have privacy policies thatdetail how they may use the personal and financial information that theyacquire. To fully take advantage of these protections and to make cleara desire to protect one's personal information, it is prudent to requesteach Company that has been provided personal information to preserve itsconfidentiality. Those individuals who wish to protect their own privacymust instruct each company who records their personal information not touse the information for purposes other than those for which it was givenand not to share or otherwise disseminate the information. To be mosteffective these instructions may also need to be periodically renewed orreiterated. Such an undertaking can be onerous and time consuming.

[0004] There are organizations that provide information to individualsabout protecting privacy and reducing direct marketing solicitations.These organizations include Junkbusters, the Privacy RightsClearinghouse, Private Citizen, the Consumer Research Institute, andZero Junk Mail. Each of these organizations maintains a web site thatprovides information on preserving privacy or limiting direct mailsolicitations. The Direct Marketing Association also maintains a list ofpeople who do not wish to receive direct mail, telephone, and emailsolicitations. However, these organizations do not provide a service toprovide an individuals privacy instructions to the organizations thatthe individual has given personal information.

SUMMARY OF THE INVENTION

[0005] The invention provides a Service that allows users(“Subscribers”) to easily communicate privacy instructions to companies,organizations, and other institutions (“Companies”) to preserve theconfidentiality of information about the Subscribers.

[0006] The invention is an Internet-based service that assistsSubscribers who desire to protect the confidentiality of their personalinformation. Subscribers indicate to the Service the companies (the“Companies”) that posses personal information about them, and requestthe Service to instruct these Companies to preserve the confidentialityof that information (the “Privacy Instructions”). The Servicecommunicates the Privacy Instructions to those Companies on behalf ofthe Subscribers. The Service advises the Subscribers that thesecommunications have taken place. In the event the Company indicates tothe Service whether it will comply with the Subscriber's PrivacyInstructions, the Service so advises the Subscriber. Depending upon thecircumstances, the Service may have additional communications with thatCompany and Subscribers about the Privacy Instructions.

BRIEF DESCRIPTION OF THE DRAWINGS

[0007]FIG. 1 shows a flowchart of the basic method of the presentinvention.

[0008]FIG. 2 shows the information flow during the Subscriber sign upprocess.

[0009]FIG. 3 shows the information flow during communication ofSubscriber privacy instructions to a Company.

[0010]FIG. 4 shows the information flow in the event a Company respondsthat it will honor all privacy instructions.

[0011]FIG. 5 shows the information flow in the event a Company respondsthat it will honor privacy instructions only for some Subscribers.

[0012]FIG. 6 shows the information flow in the event a Company initiallyresponds that it will not honor privacy instructions and subsequentlyagrees to honor all privacy instructions.

[0013]FIG. 7 shows the information flow in the event a Company respondsand maintains that it will not honor all privacy instructions.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

[0014] Referring to FIG. 1, an overview of method 10 of providing theService of the invention is shown. In general the steps of method 10include the following: Subscriber sign up 20, communication of PrivacyInstructions to companies, organizations, and other institutions(“Companies”) 30, and processing responses from Companies to thecommunications from the Service 40. It should be understood thatalthough these steps are generally accomplished in the order shown inFIG. 1 each step may be continuously repeated as various users(“Subscribers”) and Companies are addressed by the Service. In thepreferred embodiment, the Service relies on a computer system programmedto manage Subscriber interactions though a web site and email. Thecomputer system is also used to generate the communications with theCompanies. The computer system allows the status of the PrivacyInstructions of each Subscriber to various Companies to be recorded andaccessed. This allows each Subscriber to access the status of PrivacyInstructions communicated on the behalf of the Subscriber. The detailsof the preferred embodiment of each step of the general method 10 aredescribed below.

Subscriber Sign Up.

[0015] The information flow between the Service and the Subscriberduring the Subscriber sign up 20 is shown if FIG. 2. A prospectiveSubscriber signs up for the Service by visiting a dedicated Internet WebSite, located on the world wide web 210. Through the use of a computer,the prospective Subscriber completes his/her personal profile (“PersonalProfile”), accepts the Service'terms and conditions, and selects aunique user name and password. The prospective Subscriber then enterscertain information to complete his/her Personal Profile. Thisinformation generally includes the prospective Subscriber's completename, postal address, email address, telephone numbers at work and athome, and social security number. If the Subscriber declines to providecertain identification information, then Companies may be unable toidentify the Subscriber. The Service uses a computer system thatprovides the Web Site. The computer system obtains identificationinformation from the prospective Subscriber when the Subscribercompletes the personal profile. The prospective Subscriber is acceptedas a Subscriber upon validation by the Service of the payment for thefirst term of the Service, such as receipt of a Subscriber's check orvalidation of a credit card he/she has inputted to pay for the firstyear. The computer system retains the Personal Profile information ofeach accepted Subscriber in a database.

[0016] Upon becoming a Subscriber, the Subscriber receives an on-screenmessage welcoming him/her to the Service, providing the Subscriber alink to the index of potential companies, organization, and otherinstitutions that the Service supports (the “Company Index”), andproviding other information about the Service to the Subscriber. TheService also transmits an email message 220 to the email address enteredby the Subscriber on his/her Personal Profile welcoming him/her to theService and providing other information.

[0017] The Subscriber at any time can change his/her Personal Profile(e.g., to change his/her name, password, postal address, email address,telephone number), by visiting the dedicated Web Site 230 and enteringhis/her user name and password. Procedures are available for aSubscriber who has forgotten his/her user name and/or password. ThisSubscriber sign up process is ongoing as further potential Subscribersaccess the Web Site to sign up and various existing Subscribers accesstheir Personal Profiles.

Communication of Privacy Instructions To Companies.

[0018] The information flow during the communication of PrivacyInstructions to Companies 30 is shown in FIG. 3. The Subscriber entersthe Company Index through the Web Site 310 to designate those Companiesto which the Service is to communicate Privacy Instructions on behalf ofthe Subscriber. (The Subscriber may do this after becoming a Subscriberor earlier in that visit to the Web Site prior to signing up for theService.) Through the selection of Companies in the Company Index by theSubscriber, the computer system obtains a list of the organizations towhich Privacy Instructions are to be communicated on behalf of theSubscriber. The indication that a Company has been selected by theSubscriber is recorded by the computer system in the database.

[0019] The Service communicates these Privacy Instructions to each ofthese Companies 320 on the Subscriber's behalf, along with the PrivacyInstructions of other Subscribers who have designated that Companyduring the time period covered by that communication to the Company.This communication is generated after a number of Subscribers haveselected the Company. The computer system provides an aggregate list ofthose Subscribers on whose behalf the Privacy Instructions are to becommunicated to the Company. The computer system also records in thedatabase an indication of which Companies have been sent PrivacyInstructions on behalf of which Subscribers. The Subscriber may be giventhe option to vary the content of the Privacy Instructions that arecommunicated to the Company. Specific request options to be included inthe Privacy Instructions that are obtained from the Subscriber may alsobe recorded in the database. The Company will receive a communication onbehalf of a significant number of Subscribers. This communication may beprovided to the Company in various forms including written andelectronic forms. The Company is more likely to respond to thiscommunication because it is on behalf of a significant number of itscustomers and because the privacy concerns of a number of customers canbe dealt with in an efficient manner together. This process is repeatedperiodically for each Company in the Company Index.

[0020] The communication that is generated includes instructionsindicating acceptable or non-acceptable uses of personal informationregarding the Subscriber. Such instructions may include for exampleinstructions not to use personal information other than to provide theSubscribers with the products or services they currently receive,instructions not to share personal information with other companiesincluding affiliates, instructions not to use personal information fortelemarketing, direct mail or other marketing purposes, and instructionsto remove Subscriber names from marketing lists. The communication willalso include data enabling the Company to identify each Subscriber towhich the instructions apply. The Service selects the information toprovide to each Company in an effort to provide only the informationthat the particular Company may require to identify the Subscribers.

[0021] The Subscriber is provided information regarding thecommunication of Privacy Instructions to designated Companies.Periodically the Service sends an email 330 to the Subscriber indicatingthe Companies to which his/her Privacy Instructions have beencommunicated since the previous periodic email. The Subscriber's privacyprofile (the “Company Profile”), which is discussed below, also reflectsthat his/her Privacy Instructions have been communicated to thatCompany. The Subscriber can view the status of his/her PrivacyInstruction by visiting the Web Site 340 as discussed below with regardto the Company Profile of the Subscriber.

Company Responses To Communications From the Service.

[0022] After receiving the communication 320 of the Privacy Instructionson behalf of a number of Subscribers, a Company may react in a number ofways. FIG. 4 shows the flow of information in the event that the Companyindicates that it will honor all Privacy Instructions with respect toeach Subscriber. FIG. 5 shows the flow of information in the event thatthe Company indicates that it will honor the Privacy Instruction foronly some Subscribers. FIG. 6 shows the information flow in the event aCompany initially responds that it will not honor some or all PrivacyInstructions and subsequently agrees to honor some or all PrivacyInstructions. FIG. 7 shows the information flow in the event a Companyresponds and maintains that it will not honor any Privacy Instructions.

[0023] As shown in FIG. 4, in the event the Company responds 410 that itwill honor the Privacy Instructions of all of the Subscribers identifiedin the communication, the Service sends an email 412 to the Subscriberindicating that the Company has responded that it will honor theSubscriber's instructions. The Service maintains an indication that theCompany has indicated it will honor the instructions in the database.

[0024] A Company may respond that it will honor Privacy Instructions forsome Subscribers but not others. This may occur, for example, when someSubscribers do not provide social security numbers and the Companycannot identify the personal information of the Subscriber without thesocial security number. FIG. 5 shows the information flow in the eventthe Company responds 420 that it will honor the Privacy Instructions forsome of the Subscribers identified in the communication but not forothers, the Service sends an email to the Subscriber summarizing theCompany's response as it relates to that Subscriber. For thoseSubscribers for which the Company indicated it will honor their PrivacyInstructions, the email 422 indicates that the Company has respondedthat it will honor the Subscriber's Privacy Instructions. For thoseSubscribers for which the Company indicated it would not honor theirPrivacy Instructions, the email 424 informs the Subscriber of theCompany's refusal and suggests to the Subscribers certain additionalaction they may take. The Service records in the database an indicationfor each Subscriber of whether the Company will or will not honor thePrivacy Instructions.

[0025] As shown in FIG. 6, in the event the Company responds 430 that itwill not honor certain or all of the instructions identified in thecommunication, the Service sends a second communication 432 to theCompany, and sends an email 434 to the Subscribers informing them of theCompany's response and that the Service has sent a second communicationto the Company. In the event the Company indicates in response 436 tothe second communication 432 that the Company will honor some or all ofthe Privacy Instructions of each of the identified Subscribers, theService sends an email 438 to the Subscribers summarizing the Company'sresponse. As shown in FIG. 7, in the event the Company indicates inresponse 440 to the second communication 432 that the Company will nothonor certain or all of the instructions for the identified Subscribers,the Service sends an email 442 to the Subscriber summarizing theCompany's response and suggesting to the Subscriber certain action theymay take. The response of the Company is maintained with respect to eachrelevant Subscriber in the database.

Subscriber Company Profile.

[0026] Upon becoming a Subscriber, a Company Profile is created by theSubscriber. The Subscriber can view his/her Company Profile at any time,by visiting the Web Site and entering his/her username and password.Procedures are available for a Subscriber who has forgotten his/herusername and/or password. The Subscriber at any time can change his/herCompany Profile (e.g., to add or delete a Company to which his/herPrivacy Instructions are to be communicated) by visiting the Web Siteand entering his/her username and password.

[0027] The Company Profile is generated from the data maintained in thedatabase and lists each of the Companies the Subscriber has designatedfor the Service to communicate the Subscriber's Privacy Instructions,and the status of those Privacy Instructions. A Company's status ismarked as “Pending” or the like until the Privacy Instructions arecommunicated by the Service to the Company. When the Service sends theSubscriber's Privacy Instructions to the Company, the Company's statuson the Subscriber's Company Profile is marked “Notification Sent” or thelike, noting the date sent. If a Company has become inactive because forexample it has gone out of business, that inactive status is indicatedon the Company Profile. In the event the Subscriber has deleted theCompany from his/her Company Profile in accordance with the proceduresdescribed above, that fact also is indicated on the Company Profile.

[0028] In the event the Subscriber identifies a Company that does notappear on the Company Index, the Subscriber is able through the Web Siteto suggest to the Service the addition of that Company; although theService is not obligated to add the suggested Company to the CompanyIndex. The Service sends an email to the Subscriber thanking him/her forhis/her suggestion and advising that the Subscriber visit the “View NewCompanies” section of the Web Site in the future to see if the suggestedCompany has been added to the Company Index.

[0029] The Subscriber also receives from time to time certain emailcommunications from the Service about privacy-related developments ofpotential relevance to the Subscriber, unless the Subscriber hasindicated to the Service that he/she does not wish to receive emails ofthis nature.

[0030] Subscribers also have access to Customer Service to emailquestions or comments. Subscribers also can use Customer Service tocancel the Service, which the Subscriber can do at any time. Inaddition, Frequently Asked Questions are available through the Web Siteto Subscribers, as well as non-Subscriber visitors to the Web Site.

Renewal.

[0031] Shortly before the expiration of the Subscriber's initial orrenewal term of one year, the Service sends an email to the Subscriberinforming him/her of the upcoming renewal. If the credit card theSubscriber used to pay for the prior term has expired, this email alsoindicates that the Subscriber's subscription cannot be renewed unlessnew credit card information is entered in the Subscriber's PersonalProfile. Unless the Subscriber cancels the Service prior to the renewaldate or, where applicable, an expired credit card is not updated, theSubscriber's subscription is renewed. Following renewal, the Servicesends an email to the Subscriber providing certain information about therenewal. As each Company may only retain Privacy Instructions for alimited time, it is desirable to repeat the instructions periodically.Thus, the Service may repeat the step 30, communication of PrivacyInstructions to Companies, and step 40, processing responses fromCompanies to the communications from the Service, on a periodic basisfor each Company. Following renewal, the Subscriber's PrivacyInstructions continue to be communicated to each of the Companies thenappearing on the Subscriber's Company Profile on a periodic basis. If aprior Subscriber fails to renew, the Service will cease to include theprior Subscriber on further communication to Companies.

[0032] Other embodiments, uses and advantages of the present inventionwill be apparent to those skilled in the art from consideration of thespecification and practice of the invention disclosed. The specificationand examples are exemplary. The scope of the invention is set forth bythe following claims.

We claim:
 1. A method for protecting consumer privacy comprising thesteps of: obtaining identification information of a plurality ofsubscribers; obtaining a list of organizations from each individualsubscriber of the plurality of subscribers, each list of organizationsdesignating organizations to which privacy instructions are to becommunicated on behalf of the individual subscriber; aggregating a listof subscribers wishing to communicate the privacy instructions to aparticular organization; and communicating a request to honor theprivacy instructions to the particular organization on behalf of thoseon the list of subscribers.
 2. The method of claim 1 wherein the stepsof obtaining identification information and obtaining a list oforganizations include soliciting subscriber input over the internet. 3.The method of claim 1 wherein the steps of obtaining identificationinformation and obtaining a list of organizations include subscriberinteraction with a web page.
 4. The method of claim 1 wherein said stepof aggregating includes aggregating a list of subscribers wishing tocommunicate privacy instructions for each of a plurality oforganizations.
 5. The method of claim 1 wherein the step of obtaining alist of organizations includes providing each of the plurality ofsubscribers with a list of organizations from which to select.
 6. Themethod of claim 1 further comprising the step of communicating, to eachsubscriber on the list of subscribers, how the particular organizationresponded to the step of communicating a request to honor privacyinstructions.
 7. The method of claim 1 further comprising the step ofcommunicating with the particular organization a second time when noresponse is received to the step of communicating a request to honorprivacy instructions.
 8. The method of claim 1 further comprising thestep of allowing each of the plurality of subscribers to change theiridentification information.
 9. The method of claim 1 further comprisingthe step of providing each of the plurality of subscribers with accessto information regarding status of the request to honor privacyinstructions.
 10. The method of claim 1 further comprising the step ofproviding each of the plurality of subscribers with informationregarding status of privacy instructions on each organization on thelist of organizations obtained from that subscriber.
 11. The method ofclaim 1 further comprising the step of providing each individualsubscriber the option to vary the privacy instructions.
 12. The methodof claim 1 further comprising the step of accepting a plurality ofpotential subscribers as subscribers.
 13. The method of claim 12 whereinsaid step of accepting includes receiving payment from each of theplurality of potential subscribers.
 14. The method of claim 1 furthercomprising the step of communicating privacy instructions to theparticular organization on behalf of those on the list of subscribersperiodically.
 15. The method of claim 14 further including the steps of:soliciting renewal payment from each of the plurality of subscribersperiodically; and ceasing to include those subscriber who fail toprovide renewal payment on the list of subscribers.
 16. A method ofprotecting consumer privacy comprising the steps of: obtaining from eachindividual subscriber of a plurality of subscribers a list oforganizations to which the individual subscriber requests instructionsto be communicated, the instructions registering limits on use ofinformation regarding the individual subscriber; and maintaining adatabase relating each individual subscriber and organizations to whicheach individual subscriber has requested that instructions becommunicated.
 17. The method of claim 16 further comprising the stepsof: generating a communication to a selected organization on behalf of aset of the plurality of subscribers who requested the instructions becommunicated to the selected organization, the communication includingthe instructions registering limits on use of information regarding eachsubscriber of the set of the plurality of subscribers; and maintaininginformation in the database relating each subscriber and organizationsto which instructions have been communicated on behalf of thesubscriber.
 18. The method of claim 17 further comprising the steps of:obtaining from each individual subscriber an indication of specificrequests to be included in the instructions registering limits on use ofinformation regarding the individual subscriber; and maintaininginformation in the database relating each subscriber, organization, andthe specific requests.
 19. The method of claim 17 further comprising thesteps of: repeating the step of generating a communication with respectto each organization in the database as required.
 20. The method ofclaim 17 further comprising the steps of: obtaining from each of theplurality of subscriber identification data; and maintaining informationin the database relating each subscriber and identification data. 21.The method of claim 20 wherein selected identification data is includedin the communication to allow the selected organization to identify eachsubscriber in the set of the plurality of subscribers who requestedinstructions be communicated to the selected organization.
 22. Themethod of claim 20 further comprising the step of allowing subscribersto change the identification data maintained in the database thatrelated to themselves.
 23. The method of claim 20 wherein the databaserecords identification data including postal addresses, email addresses,and telephone numbers of subscribers.
 24. The method of claim 20 whereinthe database records identification data including social securitynumbers of subscribers.
 25. The method of claim 19 further comprisingthe steps of sending to a subscriber communications indicatingorganizations to which communications have recently been sent on behalfof the subscriber.
 26. The method of claim 17 further comprising thestep of maintaining in the database information regarding a response ofthe selected organization to the communication.
 27. The method of claim17 further comprising the steps of: generating a second communication tothe selected organization in the event that the selected organizationfails to respond to the original communication and in the event that theselected organization refuses to honor the instructions; and maintaininginformation in the database regarding the organizations for which asecond communication is generated.
 28. The method of claim 19 furthercomprising the step of relaying each response received from anorganization to the instructions to each subscriber addressed in theresponse.
 29. The method of claim 28 wherein the step of relayingincludes sending a communication to a subscriber that includes anindication that the organization will honor the instructions in theevent the organization indicates it will honor the instructions withrespect to the subscriber, information regarding the refusal of theorganization to honor the instructions in the event the organizationindicates it will not honor the instructions with respect to thesubscriber and suggestions to the subscriber regarding additional actionthat may be taken.
 30. The method of claim 16 further comprising thestep of providing a subscriber information in the database regardingthat subscriber.
 31. The method of claim 16 further comprising the stepof obtaining renewal information periodically from each subscriber; andmaintaining the renewal information in the database.
 32. The method ofclaim 31 further comprising the steps of: generating a communication toa selected organization in which instructions regarding limits on use ofinformation is sent on behalf of a set of the plurality of subscriberswho requested instructions be communicated to the selected organizationafter obtaining renewal information; and maintaining information in thedatabase relating each subscriber and organizations to whichinstructions have been communicated on behalf of the subscriber.
 33. Acomputer system apparatus for protecting subscriber privacy comprising acomputer programmed with software for maintaining a database ofinformation, the database relating individual subscribers of a pluralityof subscribers and organizations which the individual subscribers desireto protect personal information, the software including: a routineenabling the computer to obtain identification information from theplurality of subscribers; a routine enabling the computer to obtain anindication of which organizations each individual subscriber desires toprotect their personal information; and a routine enabling the computerto generate communications to organizations including instructions toprotect personal information on behalf of a plurality of subscribers.34. The computer system of claim 33 wherein the software furtherincludes a routine enabling the computer to retain and provide access toinformation regarding which organizations communications have beengenerated on behalf of each individual subscriber.
 35. The computersystem of claim 33 wherein the software further includes a routineenabling the computer to accept and record in the database dataregarding a response by an organization to the generated communication.36. The computer system of claim 35 wherein the routine enabling thecomputer to obtain identification information and the routine enablingthe computer to obtain an indication of which organizations eachindividual subscriber desires to protect their personal information eachgenerate a web page through which subscribers interact with the computersystem.